The easy answer is that they are both important. I believe that obtaining a certification(s) shows that one is serious about security and wants to make it a career. This does not suggest that those without are not serious security professionals. Experience and a successful track record almost always trump a certification. Combined they make an unbeatable combination.

Hi Laurianne. Rotation programs are an excellent way to grow skills. The key is accepting that not all people will come up to speed on every topic at the exact same rate. My Grandmother was fond of saying, "Good waiters, make good tips." A little patience with one's staff will pay huge dividends in the future.

"Stop thinking Weird Science and start thinking real science." Love the Kelly LeBrock analogy. I have heard first-hand from too many IT pros about hiring managers having the lack of faith that smart people will grow in new directions. Do you advocate rotation programs as a way to grow skills within the organization? These can be especially good for rising star players at risk of leaving.

I really like the idea of looking for talent from within but if that's the strategy your organization takes, you have to give your IT team learning opportunities to keep up with the rapidly evolving threat landscape. With IT in general -- and security in particular -- it's hard to carve out the time for individuals to stay up to date and keep their skills sharp. But the alternative -- not having the on-site security talent you need -- is definitely not an option.

The concept of not prolonging an interview when you know the person isn't a fit and not dragging out the hiring process are just common courtesy, which seems to be lacking among HR managers, judging from the experiences of well-qualified friends who are looking for new gigs.
